There’s not a lot of passion in the security blogosphere this week over any topic in particular, but there are some nuggets worthy of note, including an announcement in the Symantec Security Response blog about a makeover for the company’s ThreatCon.
Many security organizations use a measurement system to give customers a sense of the overall security picture at a given moment. The SANS Internet Storm Center has its Infocon while IBM ISS has its Alertcon and Kaspersky Labs has its virus alert box, which gives you a picture of a peaceful hillside when malware levels are normal. There are also places where you can find several of these on one screen, such as the Computer Network Defence site. But Symantec’s ThreatCon is one of the more popular security meters.
Dave Cole, product management director for Symantec Security Response, says the ThreatCon now offers more insight into phishing activity, spyware and adware, spam, malicious attacks and vulnerabilities, including non-Microsoft vulnerabilities and zero-day exploits. More options have also been added so users can “explore the entire threat environment, interact with the new Attack Explorer tool, and view Symantec’s Threat Watch.”
Cole said the main goal was to make it more interactive, comprehensive and visually appealing.
I had no problem with the old ThreatCon, though I do like the changes based on what I’ve seen so far. Since there are now so many different kinds of malware and attack vectors, it makes sense to offer customers more of a breakdown. Now they can drill down deeper into the areas that pose the most risk for their companies.
Check out the new ThreatCon and share your thoughts.
More on the Firefox/Internet Explorer flaw
Mozilla updated Firefox to fix several security flaws this week, including a vulnerability connected to Internet Explorer that has caused some controversy. The controversy has centered around whether the flaw was a problem from Microsoft’s side of the fence or Mozilla’s. Both sides have appeared reluctant to own this one.
And Thor Larholm, one of the researchers who brought this problem to light, says in his Larhom.com blog that the Firefox update isn’t the end of the story.
“Mozilla has just released Firefox 18.104.22.168 which purportedly fixes one of the attack vectors of the Internet Explorer input validation flaw that I previously detailed,” he wrote. “I will go on the record as stating that this does not actually fix the flaw in Internet Explorer, but simply patches one of the myriads of attack vectors.”
He said he can still automatically launch a wide range of external applications from Internet Explorer and provide them with arbitrary command line arguments.
As for who is most responsible for this flaw, Larholm says the assessment Mozilla put in its MFSA 2007-23 bulletin matches his thinking. Mozilla says in that bulletin, “This fix only prevents Firefox and Thunderbird from accepting bad data. This patch does not fix the vulnerability in Internet Explorer.”
Of course, Microsoft has already declared that this is not a vulnerability in a Microsoft product.
As I mentioned last week, there’s a bigger issue here than which browser the flaw came from.
People need to take care when browsing the Internet. If you are visiting porn and gambling sites or shopping online using a site that doesn’t clearly outline how the merchant is protecting your credit card data, you’re asking for trouble no matter which browser you’re using.
Some advice is worth repeating.
The Internet crash of 2007
I end this week’s column with some blogosphere buzz about a new parody video from The Onion with the following headline: “Breaking News: All online data lost after Internet crash.”
My favorite part: The dejected blogger who, after finding that all his data was gone, declared that his life is boring now and he wants to control/alt/delete himself.
About Security Blog Log: Senior News Writer Bill Brenner peruses security blogs each day to see what’s got the information security community buzzing. In this column he lists the weekly highlights. If you’d like to comment on the column or bring new security blogs to his attention, contact him at firstname.lastname@example.org.